Skip to main content

siyuan

Enables users to manage and interact with a self-hosted knowledge base using the SiYuan Note API via curl commands.

Install this skill

or
0/100

Security score

The siyuan skill was audited on Jun 11, 2026 and we found 59 security issues across 4 threat categories, including 1 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 33

Template literal with variable interpolation in command context

SourceSKILL.md
333. Store it in `${HERMES_HOME:-~/.hermes}/.env`:
medium line 44

Template literal with variable interpolation in command context

SourceSKILL.md
44```bash
medium line 85

Template literal with variable interpolation in command context

SourceSKILL.md
85```bash
medium line 96

Template literal with variable interpolation in command context

SourceSKILL.md
96```bash
medium line 109

Template literal with variable interpolation in command context

SourceSKILL.md
109```bash
medium line 118

Template literal with variable interpolation in command context

SourceSKILL.md
118```bash
medium line 127

Template literal with variable interpolation in command context

SourceSKILL.md
127```bash
medium line 136

Template literal with variable interpolation in command context

SourceSKILL.md
136```bash
medium line 145

Template literal with variable interpolation in command context

SourceSKILL.md
145```bash
medium line 154

Template literal with variable interpolation in command context

SourceSKILL.md
154```bash
medium line 163

Template literal with variable interpolation in command context

SourceSKILL.md
163```bash
medium line 176

Template literal with variable interpolation in command context

SourceSKILL.md
176```bash
medium line 185

Template literal with variable interpolation in command context

SourceSKILL.md
185```bash
medium line 200

Template literal with variable interpolation in command context

SourceSKILL.md
200```bash
medium line 213

Template literal with variable interpolation in command context

SourceSKILL.md
213```bash
medium line 224

Template literal with variable interpolation in command context

SourceSKILL.md
224```bash
medium line 239

Template literal with variable interpolation in command context

SourceSKILL.md
239```bash
medium line 251

Template literal with variable interpolation in command context

SourceSKILL.md
251```bash
medium line 45

Curl to non-GitHub URL

SourceSKILL.md
45curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/..." \
medium line 86

Curl to non-GitHub URL

SourceSKILL.md
86curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/search/fullTextSearchBlock" \
medium line 97

Curl to non-GitHub URL

SourceSKILL.md
97curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/query/sql" \
medium line 110

Curl to non-GitHub URL

SourceSKILL.md
110curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/block/getBlockKramdown" \
medium line 119

Curl to non-GitHub URL

SourceSKILL.md
119curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/block/getChildBlocks" \
medium line 128

Curl to non-GitHub URL

SourceSKILL.md
128curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/filetree/getHPathByID" \
medium line 137

Curl to non-GitHub URL

SourceSKILL.md
137curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/attr/getBlockAttrs" \
medium line 146

Curl to non-GitHub URL

SourceSKILL.md
146curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/notebook/lsNotebooks" \
medium line 155

Curl to non-GitHub URL

SourceSKILL.md
155curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/filetree/listDocsByPath" \
medium line 164

Curl to non-GitHub URL

SourceSKILL.md
164curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/filetree/createDocWithMd" \
medium line 177

Curl to non-GitHub URL

SourceSKILL.md
177curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/notebook/createNotebook" \
medium line 186

Curl to non-GitHub URL

SourceSKILL.md
186curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/block/appendBlock" \
medium line 201

Curl to non-GitHub URL

SourceSKILL.md
201curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/block/updateBlock" \
medium line 214

Curl to non-GitHub URL

SourceSKILL.md
214curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/filetree/renameDocByID" \
medium line 225

Curl to non-GitHub URL

SourceSKILL.md
225curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/attr/setBlockAttrs" \
medium line 240

Curl to non-GitHub URL

SourceSKILL.md
240curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/block/deleteBlock" \
medium line 252

Curl to non-GitHub URL

SourceSKILL.md
252curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/export/exportMdContent" \
medium line 33

Access to hidden dotfiles in home directory

SourceSKILL.md
333. Store it in `${HERMES_HOME:-~/.hermes}/.env`:
low line 290

Access to hidden dotfiles in home directory

SourceSKILL.md
290# In ~/.hermes/config.yaml under mcp_servers:
medium line 33

Access to .env file

SourceSKILL.md
333. Store it in `${HERMES_HOME:-~/.hermes}/.env`:
low line 21

External URL reference

SourceSKILL.md
21prompt: SiYuan instance URL (default http://127.0.0.1:6806)
low line 36

External URL reference

SourceSKILL.md
36SIYUAN_URL=http://127.0.0.1:6806
low line 38

External URL reference

SourceSKILL.md
38`SIYUAN_URL` defaults to `http://127.0.0.1:6806` if not set.
low line 45

External URL reference

SourceSKILL.md
45curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/..." \
low line 86

External URL reference

SourceSKILL.md
86curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/search/fullTextSearchBlock" \
low line 97

External URL reference

SourceSKILL.md
97curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/query/sql" \
low line 110

External URL reference

SourceSKILL.md
110curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/block/getBlockKramdown" \
low line 119

External URL reference

SourceSKILL.md
119curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/block/getChildBlocks" \
low line 128

External URL reference

SourceSKILL.md
128curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/filetree/getHPathByID" \
low line 137

External URL reference

SourceSKILL.md
137curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/attr/getBlockAttrs" \
low line 146

External URL reference

SourceSKILL.md
146curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/notebook/lsNotebooks" \
low line 155

External URL reference

SourceSKILL.md
155curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/filetree/listDocsByPath" \
low line 164

External URL reference

SourceSKILL.md
164curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/filetree/createDocWithMd" \
low line 177

External URL reference

SourceSKILL.md
177curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/notebook/createNotebook" \
low line 186

External URL reference

SourceSKILL.md
186curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/block/appendBlock" \
low line 201

External URL reference

SourceSKILL.md
201curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/block/updateBlock" \
low line 214

External URL reference

SourceSKILL.md
214curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/filetree/renameDocByID" \
low line 225

External URL reference

SourceSKILL.md
225curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/attr/setBlockAttrs" \
low line 240

External URL reference

SourceSKILL.md
240curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/block/deleteBlock" \
low line 252

External URL reference

SourceSKILL.md
252curl -s -X POST "${SIYUAN_URL:-http://127.0.0.1:6806}/api/export/exportMdContent" \
low line 297

External URL reference

SourceSKILL.md
297SIYUAN_URL: "http://127.0.0.1:6806"
Scanned on Jun 11, 2026
View Security Dashboard
Installation guide →